linux-user: Detect and report host crashes

If there is an internal program error in the qemu source code which
raises SIGSEGV or SIGBUS, we currently assume the signal belongs to
the guest. With an

linux-user: Detect and report host crashes

If there is an internal program error in the qemu source code which
raises SIGSEGV or SIGBUS, we currently assume the signal belongs to
the guest. With an artificial error introduced, we will now print

QEMU internal SIGSEGV {code=MAPERR, addr=(nil)}

Signed-off-by: Helge Deller <deller@gmx.de>
Message-Id: <20230812164314.352131-1-deller@gmx.de>
[rth: Use in_code_gen_buffer and die_with_signal; drop backtrace]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

linux-user: Exit not abort in die_with_backtrace

This line is supposed to be unreachable, but if we're going to
have it at all, SIGABRT via abort() is subject to the same signal
peril that created t

linux-user: Exit not abort in die_with_backtrace

This line is supposed to be unreachable, but if we're going to
have it at all, SIGABRT via abort() is subject to the same signal
peril that created this function in the first place.

We can _exit immediately without peril.

Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

linux-user: Split out die_with_signal

Because we trap so many signals for use by the guest,
we have to take extra steps to exit properly.

Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Philipp

linux-user: Split out die_with_signal

Because we trap so many signals for use by the guest,
we have to take extra steps to exit properly.

Acked-by: Helge Deller <deller@gmx.de>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

linux-user: Propagate failure in mmap_reserve_or_unmap back to target_munmap

Do not assert success, but return any failure received.
Additionally, fix the method of earlier error return in target_mu

linux-user: Propagate failure in mmap_reserve_or_unmap back to target_munmap

Do not assert success, but return any failure received.
Additionally, fix the method of earlier error return in target_munmap.

Reported-by: Andreas Schwab <schwab@suse.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

linux-user/elfload: Enable LSX/LASX in HWCAP for LoongArch

Since support for LSX and LASX is landed in QEMU recently, we can update
HWCAPS accordingly.

Signed-off-by: Jiajie Chen <c@jia.je>
Reviewe

linux-user/elfload: Enable LSX/LASX in HWCAP for LoongArch

Since support for LSX and LASX is landed in QEMU recently, we can update
HWCAPS accordingly.

Signed-off-by: Jiajie Chen <c@jia.je>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20231001085315.1692667-1-c@jia.je>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

linux-user/sh4: Fix crashes on signal delivery

sh4 uses gUSA (general UserSpace Atomicity) to provide atomicity on CPUs
that don't have atomic instructions. A gUSA region that adds 1 to an
atomic va

linux-user/sh4: Fix crashes on signal delivery

sh4 uses gUSA (general UserSpace Atomicity) to provide atomicity on CPUs
that don't have atomic instructions. A gUSA region that adds 1 to an
atomic variable stored in @R2 looks like this:

4004b6: 03 c7 mova 4004c4 <gusa+0x10>,r0
4004b8: f3 61 mov r15,r1
4004ba: 09 00 nop
4004bc: fa ef mov #-6,r15
4004be: 22 63 mov.l @r2,r3
4004c0: 01 73 add #1,r3
4004c2: 32 22 mov.l r3,@r2
4004c4: 13 6f mov r1,r15

R0 contains a pointer to the end of the gUSA region
R1 contains the saved stack pointer
R15 contains negative length of the gUSA region

When this region is interrupted by a signal, the kernel detects if
R15 >= -128U. If yes, the kernel rolls back PC to the beginning of the
region and restores SP by copying R1 to R15.

The problem happens if we are interrupted by a signal at address 4004c4.
R15 still holds the value -6, but the atomic value was already written by
an instruction at address 4004c2. In this situation we can't undo the
gUSA. The function unwind_gusa does nothing, the signal handler attempts
to push a signal frame to the address -6 and crashes.

This patch fixes it, so that if we are interrupted at the last instruction
in a gUSA region, we copy R1 to R15 to restore the correct stack pointer
and avoid crashing.

There's another bug: if we are interrupted in a delay slot, we save the
address of the instruction in the delay slot. We must save the address of
the previous instruction.

Cc: qemu-stable@nongnu.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Reviewed-by: Yoshinori Sato <ysato@users.sourcefoege.jp>
Message-Id: <b16389f7-6c62-70b7-59b3-87533c0bcc@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

linux-user/mips: fix abort on integer overflow

QEMU mips userspace emulation crashes with "qemu: unhandled CPU exception
0x15 - aborting" when one of the integer arithmetic instructions detects
an o

linux-user/mips: fix abort on integer overflow

QEMU mips userspace emulation crashes with "qemu: unhandled CPU exception
0x15 - aborting" when one of the integer arithmetic instructions detects
an overflow.

This patch fixes it so that it delivers SIGFPE with FPE_INTOVF instead.

Cc: qemu-stable@nongnu.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Message-Id: <3ef979a8-3ee1-eb2d-71f7-d788ff88dd11@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

linux-user: Fixes for zero_bss

The previous change, 2d385be6152, assumed !PAGE_VALID meant that
the page would be unmapped by the elf image. However, since we
reserved the entire image space via mm

linux-user: Fixes for zero_bss

The previous change, 2d385be6152, assumed !PAGE_VALID meant that
the page would be unmapped by the elf image. However, since we
reserved the entire image space via mmap, PAGE_VALID will always
be set. Instead, assume PROT_NONE for the same condition.

Furthermore, assume bss is only ever present for writable segments,
and that there is no page overlap between PT_LOAD segments.
Instead of an assert, return false to indicate failure.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1854
Fixes: 2d385be6152 ("linux-user: Do not adjust zero_bss for host page size")
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

linux-user/syscall.c: clean up local variable shadowing in xattr syscalls

p is a generic variable in syscall() and can be used by any syscall
case, so this patch removes the useless local variable d

linux-user/syscall.c: clean up local variable shadowing in xattr syscalls

p is a generic variable in syscall() and can be used by any syscall
case, so this patch removes the useless local variable declaration for
the following syscalls: TARGET_NR_llistxattr, TARGET_NR_listxattr,
TARGET_NR_setxattr, TARGET_NR_lsetxattr, TARGET_NR_getxattr,
TARGET_NR_lgetxattr, TARGET_NR_removexattr, TARGET_NR_lremovexattr.

Fix following warnings:

.../linux-user/syscall.c:12342:15: warning: declaration of 'p' shadows a previous local [-Wshadow=compatible-local]
12342 | void *p, *b = 0;
| ^
.../linux-user/syscall.c:8975:11: note: shadowed declaration is here
8975 | void *p;
| ^
.../linux-user/syscall.c:12379:19: warning: declaration of 'p' shadows a previous local [-Wshadow=compatible-local]
12379 | void *p, *n, *v = 0;
| ^
.../linux-user/syscall.c:8975:11: note: shadowed declaration is here
8975 | void *p;
| ^
.../linux-user/syscall.c:12424:19: warning: declaration of 'p' shadows a previous local [-Wshadow=compatible-local]
12424 | void *p, *n, *v = 0;
| ^
.../linux-user/syscall.c:8975:11: note: shadowed declaration is here
8975 | void *p;
| ^
.../linux-user/syscall.c:12469:19: warning: declaration of 'p' shadows a previous local [-Wshadow=compatible-local]
12469 | void *p, *n;
| ^
.../linux-user/syscall.c:8975:11: note: shadowed declaration is here
8975 | void *p;
| ^

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-ID: <20230925151029.461358-6-laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>

show more ...

linux-user/syscall.c: clean up local variable shadowing in TARGET_NR_getcpu

Fix following warnings:

.../linux-user/syscall.c: In function 'do_syscall1':
.../linux-user/syscall.c:11180:22: warning:

linux-user/syscall.c: clean up local variable shadowing in TARGET_NR_getcpu

Fix following warnings:

.../linux-user/syscall.c: In function 'do_syscall1':
.../linux-user/syscall.c:11180:22: warning: declaration of 'cpu' shadows a previous local [-Wshadow=local]
11180 | unsigned cpu, node;
| ^~~
.../linux-user/syscall.c:8963:15: note: shadowed declaration is here
8963 | CPUState *cpu = env_cpu(cpu_env);
| ^~~

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-ID: <20230925151029.461358-5-laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>

show more ...

linux-user/syscall.c: clean up local variable shadowing in do_ioctl_dm()

Fix following warnings:

.../linux-user/syscall.c: In function 'do_ioctl_dm':
.../linux-user/syscall.c:5053:23: warning: decl

linux-user/syscall.c: clean up local variable shadowing in do_ioctl_dm()

Fix following warnings:

.../linux-user/syscall.c: In function 'do_ioctl_dm':
.../linux-user/syscall.c:5053:23: warning: declaration of 'arg_type' shadows a previous local [-Wshadow=local]
5053 | const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_spec) };
| ^~~~~~~~
.../linux-user/syscall.c:4991:20: note: shadowed declaration is here
4991 | const argtype *arg_type = ie->arg_type;
| ^~~~~~~~
...//linux-user/syscall.c:5102:27: warning: declaration of 'arg_type' shadows a previous local [-Wshadow=local]
5102 | const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_name_list) };
| ^~~~~~~~
.../linux-user/syscall.c:4991:20: note: shadowed declaration is here
4991 | const argtype *arg_type = ie->arg_type;
| ^~~~~~~~
.../linux-user/syscall.c:5130:27: warning: declaration of 'arg_type' shadows a previous local [-Wshadow=local]
5130 | const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_spec) };
| ^~~~~~~~
.../linux-user/syscall.c:4991:20: note: shadowed declaration is here
4991 | const argtype *arg_type = ie->arg_type;
| ^~~~~~~~
.../linux-user/syscall.c:5170:27: warning: declaration of 'arg_type' shadows a previous local [-Wshadow=local]
5170 | const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_versions) };
| ^~~~~~~~
.../linux-user/syscall.c:4991:20: note: shadowed declaration is here
4991 | const argtype *arg_type = ie->arg_type;
| ^~~~~~~~

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-ID: <20230925151029.461358-4-laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>

show more ...

linux-user/mmap.c: clean up local variable shadowing

Fix following warnings:

.../linux-user/mmap.c: In function 'target_mremap':
.../linux-user/mmap.c:913:13: warning: declaration of 'prot' shadows

linux-user/mmap.c: clean up local variable shadowing

Fix following warnings:

.../linux-user/mmap.c: In function 'target_mremap':
.../linux-user/mmap.c:913:13: warning: declaration of 'prot' shadows a previous local [-Wshadow=compatible-local]
913 | int prot = 0;
| ^~~~
../../../Projects/qemu/linux-user/mmap.c:871:9: note: shadowed declaration is here
871 | int prot;
| ^~~~

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-ID: <20230925151029.461358-3-laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>

show more ...

linux-user/flatload: clean up local variable shadowing

Fix following warnings:

.../linux-user/flatload.c: In function 'load_flt_binary':
.../linux-user/flatload.c:758:23: warning: declaration of 'p

linux-user/flatload: clean up local variable shadowing

Fix following warnings:

.../linux-user/flatload.c: In function 'load_flt_binary':
.../linux-user/flatload.c:758:23: warning: declaration of 'p' shadows a previous local [-Wshadow=compatible-local]
758 | abi_ulong p;
| ^
../../../Projects/qemu/linux-user/flatload.c:722:15: note: shadowed declaration is here
722 | abi_ulong p;
| ^

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-ID: <20230925151029.461358-2-laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>

show more ...

build: Remove --enable-gprof

This build option has been deprecated since 8.0.
Remove all CONFIG_GPROF code that depends on that,
including one errant check using TARGET_GPROF.

Acked-by: Alex Bennée

build: Remove --enable-gprof

This build option has been deprecated since 8.0.
Remove all CONFIG_GPROF code that depends on that,
including one errant check using TARGET_GPROF.

Acked-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

linux-user/hppa: Fix struct target_sigcontext layout

Use abi_ullong not uint64_t so that the alignment of the field
and therefore the layout of the struct is correct.

Reviewed-by: Philippe Mathieu-

linux-user/hppa: Fix struct target_sigcontext layout

Use abi_ullong not uint64_t so that the alignment of the field
and therefore the layout of the struct is correct.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

tcg: Split out tcg init functions to tcg/startup.h

The tcg/tcg.h header is a big bucket, containing stuff related to
the translators and the JIT backend. The places that initialize
tcg or create ne

tcg: Split out tcg init functions to tcg/startup.h

The tcg/tcg.h header is a big bucket, containing stuff related to
the translators and the JIT backend. The places that initialize
tcg or create new threads do not need all of that, so split out
these three functions to a new header.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

tcg: Remove argument to tcg_prologue_init

We can load tcg_ctx just as easily within the callee.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.hen

tcg: Remove argument to tcg_prologue_init

We can load tcg_ctx just as easily within the callee.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

accel/tcg: Replace CPUState.env_ptr with cpu_env()

Reviewed-by: Anton Johansson <anjo@rev.ng>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

linux-user/strace: Clean up local variable shadowing

Fix:

linux-user/strace.c: In function ‘print_sockaddr’:
linux-user/strace.c:370:17: warning: declaration of ‘i’ shadows a previous local [-W

linux-user/strace: Clean up local variable shadowing

Fix:

linux-user/strace.c: In function ‘print_sockaddr’:
linux-user/strace.c:370:17: warning: declaration of ‘i’ shadows a previous local [-Wshadow=compatible-local]
370 | int i;
| ^
linux-user/strace.c:361:9: note: shadowed declaration is here
361 | int i;
| ^

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20230904161235.84651-20-philmd@linaro.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>

show more ...

target/arm: Enable FEAT_MOPS for CPU 'max'

Enable FEAT_MOPS on the AArch64 'max' CPU, and add it to
the list of features we implement.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Review

target/arm: Enable FEAT_MOPS for CPU 'max'

Enable FEAT_MOPS on the AArch64 'max' CPU, and add it to
the list of features we implement.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230912140434.1333369-13-peter.maydell@linaro.org

show more ...

target/arm: Implement FEAT_HBC

FEAT_HBC (Hinted conditional branches) provides a new instruction
BC.cond, which behaves exactly like the existing B.cond except
that it provides a hint to the branch

target/arm: Implement FEAT_HBC

FEAT_HBC (Hinted conditional branches) provides a new instruction
BC.cond, which behaves exactly like the existing B.cond except
that it provides a hint to the branch predictor about the
likely behaviour of the branch.

Since QEMU does not implement branch prediction, we can treat
this identically to B.cond.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

linux-user/elfload.c: Report previously missing arm32 hwcaps

Add the code to report the arm32 hwcaps we were previously missing:
ss, ssbs, fphp, asimdhp, asimddp, asimdfhm, asimdbf16, i8mm

Signed-

linux-user/elfload.c: Report previously missing arm32 hwcaps

Add the code to report the arm32 hwcaps we were previously missing:
ss, ssbs, fphp, asimdhp, asimddp, asimdfhm, asimdbf16, i8mm

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

linux-user/elfload.c: Add missing arm and arm64 hwcap values

Our lists of Arm 32 and 64 bit hwcap values have lagged behind
the Linux kernel. Update them to include all the bits defined
as of upstre

linux-user/elfload.c: Add missing arm and arm64 hwcap values

Our lists of Arm 32 and 64 bit hwcap values have lagged behind
the Linux kernel. Update them to include all the bits defined
as of upstream Linux git commit a48fa7efaf1161c1 (in the middle
of the kernel 6.6 dev cycle).

For 64-bit, we don't yet implement any of the features reported via
these hwcap bits. For 32-bit we do in fact already implement them
all; we'll add the code to set them in a subsequent commit.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

linux-user/elfload.c: Correct SME feature names reported in cpuinfo

Some of the names we use for CPU features in linux-user's dummy
/proc/cpuinfo don't match the strings in the real kernel in
arch/a

linux-user/elfload.c: Correct SME feature names reported in cpuinfo

Some of the names we use for CPU features in linux-user's dummy
/proc/cpuinfo don't match the strings in the real kernel in
arch/arm64/kernel/cpuinfo.c. Specifically, the SME related
features have an underscore in the HWCAP_FOO define name,
but (like the SVE ones) they do not have an underscore in the
string in cpuinfo. Correct the errors.

Fixes: a55b9e7226708 ("linux-user: Emulate /proc/cpuinfo on aarch64 and arm")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

target/loongarch: Add LASX data support

Signed-off-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230914022645.1151356-12-gaosong@loo

target/loongarch: Add LASX data support

Signed-off-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230914022645.1151356-12-gaosong@loongson.cn>

show more ...